본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

yahoo password did not succeed (Yahoo thinks Thunderbird is "less secure")

  • 4 답장
  • 1 이 문제를 만남
  • 2 보기
  • 최종 답변자: cookiePJones

more options

Yahoo mail is blocking access to my account from Thunderbird because it apparently considers Thunderbird a "less secure app".

I just set up Thunderbird for first time, using my Yahoo account, but was never able to connect. Kept getting error "Sending of password ... did not succeed. Mail server pop.mail.yahoo.com responded: Server error. Please try again later."

Then I see an email from Yahoo saying they blocked it:

"Your account is currently not enabled to sign in from apps that do not meet modern security standards (ex. Older versions of mail and calendar apps such as Outlook). As a result, we prevented a sign in to your Yahoo account... ... We strongly recommend that you switch to Yahoo's apps ... and remove your account from all other less secure apps."

It's true, I did set the Yahoo mail option to not allow "apps that use less secure sign in", I suppose I can change it if I really have to - but would prefer if Thunderbird could be set to use more secure login settings - is that possible? I had used the default security settings: Connection security= SSL/TLS, Authentication=Normal Password.

Any suggestions?

Yahoo mail is blocking access to my account from Thunderbird because it apparently considers Thunderbird a "less secure app". I just set up Thunderbird for first time, using my Yahoo account, but was never able to connect. Kept getting error "Sending of password ... did not succeed. Mail server pop.mail.yahoo.com responded: Server error. Please try again later." Then I see an email from Yahoo saying they blocked it: "Your account is currently not enabled to sign in from apps that do not meet modern security standards (ex. Older versions of mail and calendar apps such as Outlook). As a result, we prevented a sign in to your Yahoo account... ... We strongly recommend that you switch to Yahoo's apps ... and remove your account from all other less secure apps." It's true, I did set the Yahoo mail option to not allow "apps that use less secure sign in", I suppose I can change it if I really have to - but would prefer if Thunderbird could be set to use more secure login settings - is that possible? I had used the default security settings: Connection security= SSL/TLS, Authentication=Normal Password. Any suggestions?

선택된 해결법

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. Yahoo do not appear interested, so I suggest you enable less secure apps or move to Google where oAuth2.0 has been working since Thunderbird 38 because they actually issue the application tokens.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (4)

more options

선택된 해결법

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. Yahoo do not appear interested, so I suggest you enable less secure apps or move to Google where oAuth2.0 has been working since Thunderbird 38 because they actually issue the application tokens.

more options

Matt said

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. ...

Oh, so THAT's what they mean ... Okay, thanks Matt.

p.s. Can you suggest any others besides Google who use oAuth2.0? (preferably a good paid service rather than "free")

more options

cookiePJones said

Matt said
Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. ...

Oh, so THAT's what they mean ... Okay, thanks Matt.

p.s. Can you suggest any others besides Google who use oAuth2.0? (preferably a good paid service rather than "free")

I can not offer you anything with regard to paid providers other than they exist. Not because of any policy, simply because I do not know.

oAuth2.0 is not really a mail protocol, it is a web browser protocol. One of the reasons so few email programs support it, is that they have to act essentially as a web browser while the authorization dialogs are displayed. Personally I find that somewhat frightening. It is Ok for Thunderbird, we have the Firefox browser components to draw on, but the security implication of having email people start writing web browsers is truly worrying.

Basically oAuth is technically more secure, but it is also persistent, as someone noticed recently, the authorization persists after you delete the password from Thunderbird. So it is a horses for courses thing. Personally I think a user name and password is about as good, as long as the password falls into the passphrase category. http://www.useapassphrase.com/

But the best protection is a provider that locks your account after a number of incorrect attempts. All the information you will see talks about how long passwords take to crack, but this is based on computers throwing millions of guesses and trying again until they get it right. If you account is locked out after 3 or 4 bad attempts then it will take forever to guess your password another attempt can not be made until you go through the steps to again resume use of our account.

In the end, nothing preserves your data on a server except encryption of that data, so regardless of the connection method used, your data is not secure if the provider is hacked. Which is how Yahoo managed to loose something like a billion user names and passwords.

more options

Really good point.